CVE-2006-6931 - Vulnerability Details - OpenCVE

Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Snort	Snort

Configuration 1 [-]

cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html
http://secunia.com/advisories/23716
http://secunia.com/advisories/24164
http://secunia.com/advisories/24338
http://security.gentoo.org/glsa/glsa-200702-03.xml
http://securitytracker.com/id?1017508
http://www.acsac.org/2006/abstracts/54.html
http://www.acsac.org/2006/advance_program.html
http://www.acsac.org/2006/papers/54.pdf
http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf
http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip
http://www.mandriva.com/security/advisories?name=MDKSA-2007:051
http://www.osvdb.org/32096
http://www.securityfocus.com/bid/21991
http://www.snort.org/pub-bin/snortnews.cgi
https://exchange.xforce.ibmcloud.com/vulnerabilities/31430

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-16T23:00:00

Updated: 2024-08-07T20:42:07.809Z

Reserved: 2007-01-16T00:00:00

Link: CVE-2006-6931

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-16T23:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6931

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-12T00:00:00", "descriptions": [{"lang": "en", "value": "Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \"backtracking attack.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21991", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21991"}, {"tags": ["x_refsource_MISC"], "url": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip"}, {"name": "[dailydave] 20070110 Algorithmic Bugs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html"}, {"name": "24164", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24164"}, {"name": "24338", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24338"}, {"name": "snort-rule-matching-dos(31430)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430"}, {"name": "32096", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32096"}, {"name": "23716", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23716"}, {"name": "1017508", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017508"}, {"name": "GLSA-200702-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200702-03.xml"}, {"tags": ["x_refsource_MISC"], "url": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf"}, {"name": "MDKSA-2007:051", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051"}, {"tags": ["x_refsource_MISC"], "url": "http://www.acsac.org/2006/advance_program.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.acsac.org/2006/papers/54.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://www.acsac.org/2006/abstracts/54.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.snort.org/pub-bin/snortnews.cgi"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6931", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \"backtracking attack.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21991", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21991"}, {"name": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip", "refsource": "MISC", "url": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip"}, {"name": "[dailydave] 20070110 Algorithmic Bugs", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html"}, {"name": "24164", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24164"}, {"name": "24338", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24338"}, {"name": "snort-rule-matching-dos(31430)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430"}, {"name": "32096", "refsource": "OSVDB", "url": "http://www.osvdb.org/32096"}, {"name": "23716", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23716"}, {"name": "1017508", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017508"}, {"name": "GLSA-200702-03", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200702-03.xml"}, {"name": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf", "refsource": "MISC", "url": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf"}, {"name": "MDKSA-2007:051", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051"}, {"name": "http://www.acsac.org/2006/advance_program.html", "refsource": "MISC", "url": "http://www.acsac.org/2006/advance_program.html"}, {"name": "http://www.acsac.org/2006/papers/54.pdf", "refsource": "MISC", "url": "http://www.acsac.org/2006/papers/54.pdf"}, {"name": "http://www.acsac.org/2006/abstracts/54.html", "refsource": "MISC", "url": "http://www.acsac.org/2006/abstracts/54.html"}, {"name": "http://www.snort.org/pub-bin/snortnews.cgi", "refsource": "CONFIRM", "url": "http://www.snort.org/pub-bin/snortnews.cgi"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:42:07.809Z"}, "title": "CVE Program Container", "references": [{"name": "21991", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21991"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip"}, {"name": "[dailydave] 20070110 Algorithmic Bugs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html"}, {"name": "24164", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24164"}, {"name": "24338", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24338"}, {"name": "snort-rule-matching-dos(31430)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430"}, {"name": "32096", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32096"}, {"name": "23716", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23716"}, {"name": "1017508", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017508"}, {"name": "GLSA-200702-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200702-03.xml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf"}, {"name": "MDKSA-2007:051", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.acsac.org/2006/advance_program.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.acsac.org/2006/papers/54.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.acsac.org/2006/abstracts/54.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.snort.org/pub-bin/snortnews.cgi"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6931", "datePublished": "2007-01-16T23:00:00", "dateReserved": "2007-01-16T00:00:00", "dateUpdated": "2024-08-07T20:42:07.809Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snort:snort:*:*:*:*:*:*:*:*", "matchCriteriaId": "020FACB7-031C-43A3-A138-61E0C24F467D", "versionEndIncluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a \"backtracking attack.\""}, {"lang": "es", "value": "Vulnerabilidad de complejidad algor\u00edtmica en Snort anterior a 2.6.1, durante la evaluaci\u00f3n de un predicado en el chequeo de reglas para ciertas reglas, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU y parada de detecci\u00f3n) mediante tr\u00e1fico de red manipulado, tambi\u00e9n conocido como un \"ataque de vuelta hacia atr\u00e1s\" (backtracking attack)."}], "id": "CVE-2006-6931", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-16T23:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23716"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24164"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24338"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200702-03.xml"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017508"}, {"source": "cve@mitre.org", "url": "http://www.acsac.org/2006/abstracts/54.html"}, {"source": "cve@mitre.org", "url": "http://www.acsac.org/2006/advance_program.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.acsac.org/2006/papers/54.pdf"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf"}, {"source": "cve@mitre.org", "url": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32096"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21991"}, {"source": "cve@mitre.org", "url": "http://www.snort.org/pub-bin/snortnews.cgi"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.immunitysec.com/pipermail/dailydave/2007-January/003954.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200702-03.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.acsac.org/2006/abstracts/54.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.acsac.org/2006/advance_program.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.acsac.org/2006/papers/54.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.cs.wisc.edu/~smithr/pubs/acsac2006.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cs.wisc.edu/~smithr/pubs/randy_smith_acsac2006.zip"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21991"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.snort.org/pub-bin/snortnews.cgi"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31430"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}